Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FeeSplitter: ETH_ADDR isn't supported #134

Open
code423n4 opened this issue Nov 17, 2021 · 2 comments
Open

FeeSplitter: ETH_ADDR isn't supported #134

code423n4 opened this issue Nov 17, 2021 · 2 comments
Assignees
@maximebrugel
Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)

Comments

@code423n4
Copy link
Contributor

Handle

GreyArt

Vulnerability details

Impact

The view functions have the comment use ETH_ADDR for ETH. However, native ETH isn't supported by the FeeSplitter except for releaseETH(). Even so, releaseETH() uses WETH as the token address, not the ETH constant, as it will unwrap WETH to ETH.

This gives the wrong impression to readers of the contract that ETH is supported when it is in fact, not.

Recommended Mitigation Steps

Remove the comment use ETH_ADDR for ETH wherever it is mentioned.
@code423n4 code423n4 added 1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working labels Nov 17, 2021
code423n4 added a commit that referenced this issue Nov 17, 2021
@code423n4
GreyArt issue #134
1760c61
@maximebrugel maximebrugel added the disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments) label Nov 22, 2021
@maximebrugel
Copy link
Collaborator

This is a wrong comment, should be "Non-critical".

@alcueca
Copy link
Collaborator

alcueca commented Dec 3, 2021

Issues with comments are severity 1.

@maximebrugel maximebrugel self-assigned this Dec 14, 2021
@maximebrugel maximebrugel mentioned this issue Dec 14, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maximebrugel maximebrugel

Labels
1 (Low Risk) Assets are not at risk. State handling, function incorrect as to spec, issues with comments bug Something isn't working disagree with severity Sponsor confirms validity, but disagrees with warden’s risk assessment (sponsor explain in comments)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@maximebrugel @alcueca @code423n4